E19-7osq1
CVSS:
9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)
False Positive:
t
Variants:
8
Year:
2019
Description
This strike exploits a command injection vulnerability in the WebUI component of Cisco IOS XE. The vulnerability is due to improper validation of user-supplied snortcheck.lua form data via the WebUI. An user with low privilege access can exploit this vulnerability by sending a crafted HTTP request to the target server. Successful exploitation results in execution of Cisco console commands with administrative privileges.
CVE
References
MSB
BID
ExploitDB
Secunia
Security Tracker
Metasploit
ZDI
OSVDB
{}